Diagnostic and test tools for IPv6

Changing of the guard

The transition from version 4 to version 6 of the Internet Protocol moves slowly but inexorably closer. While regular users ideally do not notice it, administrators have their hands full, and hopefully the right tools at hand.

iX has reported on IPv6 since 1994. Today, seventeen years later, the Internet Assigned Numbers Authority (IANA) has no more IPv4 addresses left to distribute. Anyone who operates a network should start thinking about a migration now at the latest. For the administrator this means, among other things, examining the contents of the toolbox for IPv6 capability and, where appropriate, updating old tools or adding new ones.

Indispensable for debugging are network monitors such as wireshark and tcpdump (see box "online sources"). The latest versions, Wireshark 1.4 and tcpdump 4.x, can observe IPv6 packets. Also helpful is a tool like etherape, which graphically represents what is happening on the network; unfortunately it is currently only available on Linux/Unix. The program allows users to filter the incoming packets, using the same filter expressions as tcpdump and the "Capture Options" dialog of wireshark. With ip and ip6, for example, users can view only the packets of the old or of the new Internet Protocol, respectively.

Conversations in the neighborhood

Administrators used to specialist scanners for the Address Resolution Protocol (ARP) should keep in mind that IPv6 uses a new mechanism called Neighbor Discovery, which is built on the ICMPv6 protocol. The latter also forms the basis for the automatic detection of routers and the automatic assignment of IPv6 addresses (Stateless Address Autoconfiguration). On Linux or Unix, Neighbor Discovery can be tested with ndisc6. The same package includes the program rdisc6 for checking Router Discovery, as well as IPv6 variants of the well-known tools traceroute and tcptraceroute. The included version of tcpspray can be used to measure throughput; more reliable results, however, are likely to come from IPv6-enabled benchmarks such as netperf or iperf.

The classic ping does not understand IPv6. A more than adequate replacement is oping. It handles both versions of the Internet Protocol and, like fping, can "ping" several computers simultaneously, either the same one or at different addresses. The variant noping has an ncurses interface and shows not only the computers' replies but also a regularly updated statistical analysis.

IP tunnel between the worlds

Higher-level connection tests are possible with nc6, an IPv6-enabled clone of the popular tool netcat. It is also suitable for ad-hoc tunneling between the two Internet worlds. Permanent transitions, for example for older servers that speak only IPv4 but need to be reachable via IPv6, are better built with suitable proxies such as delegate, the HTTP-specific ffproxy, or a so-called NAT64 gateway such as ecdysis, Tayga or Microsoft Forefront Unified Access Gateway (UAG). For the latter, the IANA has reserved the otherwise unused IPv6 address range 64:ff9b::/96; RFC 6052 describes the mechanism for translating IPv4 addresses into IPv6.

Of course, security testing tools also belong in the network admin's toolbox. Computers that are protected in the IPv4 network by a firewall, packet filter or NAT router may well be as wide open as the proverbial barn door to an attacker who arrives via IPv6. Anyone who uses vulnerability scanners such as Nessus should have at least one bread-and-butter tool such as nmap, or a live CD like BackTrack Linux, ready, and use them before computers on the local network are allowed to talk to the outside world via IPv6.
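
The RFC 6052 translation mentioned above for NAT64 gateways, as an added example that is not part of the original article: it embeds an IPv4 address in the 64:ff9b::/96 range and recovers it again, which helps when matching NAT64 addresses in logs or filter rules against IPv4 hosts. It goes beyond the /96 case in the text by also handling the other prefix lengths RFC 6052 allows; the function names are hypothetical and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

# NAT64 well-known prefix named in the article; RFC 6052 also allows
# operator-chosen prefixes of the lengths listed below.
WELL_KNOWN_PREFIX = "64:ff9b::/96"
VALID_LENGTHS = (32, 40, 48, 56, 64, 96)


def _v4_positions(prefixlen):
    """Byte offsets of the four IPv4 octets; octet 8 (bits 64-71) is skipped."""
    if prefixlen not in VALID_LENGTHS:
        raise ValueError(f"RFC 6052 does not allow a /{prefixlen} prefix")
    return [p for p in range(prefixlen // 8, 16) if p != 8][:4]


def embed(ipv4, prefix=WELL_KNOWN_PREFIX):
    """Return the IPv6 address that represents `ipv4` under `prefix`."""
    net = ipaddress.IPv6Network(prefix)
    positions = _v4_positions(net.prefixlen)
    raw = bytearray(net.network_address.packed)
    for pos, octet in zip(positions, ipaddress.IPv4Address(ipv4).packed):
        raw[pos] = octet
    return ipaddress.IPv6Address(bytes(raw))


def extract(ipv6, prefix=WELL_KNOWN_PREFIX):
    """Return the embedded IPv4 address, or None if `ipv6` is not under `prefix`."""
    net = ipaddress.IPv6Network(prefix)
    positions = _v4_positions(net.prefixlen)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net or addr.packed[8] != 0:  # reserved octet must be zero
        return None
    return ipaddress.IPv4Address(bytes(addr.packed[p] for p in positions))


if __name__ == "__main__":
    # Constructed samples from documentation ranges (192.0.2.0/24, 2001:db8::/32).
    print(embed("192.0.2.33"))
    print(embed("192.0.2.33", "2001:db8:100::/40"))
    print(extract("64:ff9b::c000:221"))
    print(extract("2001:db8::1"))
```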